<html><body>
<style>

body, h1, h2, h3, div, span, p, pre, a {
  margin: 0;
  padding: 0;
  border: 0;
  font-weight: inherit;
  font-style: inherit;
  font-size: 100%;
  font-family: inherit;
  vertical-align: baseline;
}

body {
  font-size: 13px;
  padding: 1em;
}

h1 {
  font-size: 26px;
  margin-bottom: 1em;
}

h2 {
  font-size: 24px;
  margin-bottom: 1em;
}

h3 {
  font-size: 20px;
  margin-bottom: 1em;
  margin-top: 1em;
}

pre, code {
  line-height: 1.5;
  font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}

pre {
  margin-top: 0.5em;
}

h1, h2, h3, p {
  font-family: Arial, sans serif;
}

h1, h2, h3 {
  border-bottom: solid #CCC 1px;
}

.toc_element {
  margin-top: 0.5em;
}

.firstline {
  margin-left: 2 em;
}

.method  {
  margin-top: 1em;
  border: solid 1px #CCC;
  padding: 1em;
  background: #EEE;
}

.details {
  font-weight: bold;
  font-size: 14px;
}

</style>

<h1><a href="binaryauthorization_v1.html">Binary Authorization API</a> . <a href="binaryauthorization_v1.projects.html">projects</a> . <a href="binaryauthorization_v1.projects.platforms.html">platforms</a> . <a href="binaryauthorization_v1.projects.platforms.gke.html">gke</a> . <a href="binaryauthorization_v1.projects.platforms.gke.policies.html">policies</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
  <code><a href="#close">close()</a></code></p>
<p class="firstline">Close httplib2 connections.</p>
<p class="toc_element">
  <code><a href="#evaluate">evaluate(name, body=None, x__xgafv=None)</a></code></p>
<p class="firstline">Evaluates a Kubernetes object versus a GKE platform policy. Returns `NOT_FOUND` if the policy doesn't exist, `INVALID_ARGUMENT` if the policy or request is malformed and `PERMISSION_DENIED` if the client does not have sufficient permissions.</p>
<h3>Method Details</h3>
<div class="method">
    <code class="details" id="close">close()</code>
  <pre>Close httplib2 connections.</pre>
</div>

<div class="method">
    <code class="details" id="evaluate">evaluate(name, body=None, x__xgafv=None)</code>
  <pre>Evaluates a Kubernetes object versus a GKE platform policy. Returns `NOT_FOUND` if the policy doesn&#x27;t exist, `INVALID_ARGUMENT` if the policy or request is malformed and `PERMISSION_DENIED` if the client does not have sufficient permissions.

Args:
  name: string, Required. The name of the platform policy to evaluate in the format `projects/*/platforms/*/policies/*`. (required)
  body: object, The request body.
    The object takes the form of:

{ # Request message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
  &quot;resource&quot;: { # Required. JSON or YAML blob representing a Kubernetes resource.
    &quot;a_key&quot;: &quot;&quot;, # Properties of the object.
  },
}

  x__xgafv: string, V1 error format.
    Allowed values
      1 - v1 error format
      2 - v2 error format

Returns:
  An object of the form:

    { # Response message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
  &quot;results&quot;: [ # Evaluation result for each Pod contained in the request.
    { # Result of evaluating the whole GKE policy for one Pod.
      &quot;imageResults&quot;: [ # Per-image details.
        { # Result of evaluating one image.
          &quot;allowlistResult&quot;: { # Result of evaluating an image name allowlist. # If the image was exempted by a top-level allow_pattern, contains the allowlist pattern that the image name matched.
            &quot;matchedPattern&quot;: &quot;A String&quot;, # The allowlist pattern that the image matched.
          },
          &quot;checkSetResult&quot;: { # Result of evaluating one check set. # If a check set was evaluated, contains the result of the check set. Empty if there were no check sets.
            &quot;allowlistResult&quot;: { # Result of evaluating an image name allowlist. # If the image was exempted by an allow_pattern in the check set, contains the pattern that the image name matched.
              &quot;matchedPattern&quot;: &quot;A String&quot;, # The allowlist pattern that the image matched.
            },
            &quot;checkResults&quot;: { # Result of evaluating one or more checks. # If checks were evaluated, contains the results of evaluating each check.
              &quot;results&quot;: [ # Per-check details.
                { # Result of evaluating one check.
                  &quot;allowlistResult&quot;: { # Result of evaluating an image name allowlist. # If the image was exempted by an allow_pattern in the check, contains the pattern that the image name matched.
                    &quot;matchedPattern&quot;: &quot;A String&quot;, # The allowlist pattern that the image matched.
                  },
                  &quot;displayName&quot;: &quot;A String&quot;, # The name of the check.
                  &quot;evaluationResult&quot;: { # Result of evaluating one check. # If a check was evaluated, contains the result of the check.
                    &quot;verdict&quot;: &quot;A String&quot;, # The result of evaluating this check.
                  },
                  &quot;explanation&quot;: &quot;A String&quot;, # Explanation of this check result.
                  &quot;index&quot;: &quot;A String&quot;, # The index of the check.
                  &quot;type&quot;: &quot;A String&quot;, # The type of the check.
                },
              ],
            },
            &quot;displayName&quot;: &quot;A String&quot;, # The name of the check set.
            &quot;explanation&quot;: &quot;A String&quot;, # Explanation of this check set result. Only populated if no checks were evaluated.
            &quot;index&quot;: &quot;A String&quot;, # The index of the check set.
            &quot;scope&quot;: { # A scope specifier for `CheckSet` objects. # The scope of the check set.
              &quot;kubernetesNamespace&quot;: &quot;A String&quot;, # Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.
              &quot;kubernetesServiceAccount&quot;: &quot;A String&quot;, # Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.
            },
          },
          &quot;explanation&quot;: &quot;A String&quot;, # Explanation of this image result. Only populated if no check sets were evaluated.
          &quot;imageUri&quot;: &quot;A String&quot;, # Image URI from the request.
          &quot;verdict&quot;: &quot;A String&quot;, # The result of evaluating this image.
        },
      ],
      &quot;kubernetesNamespace&quot;: &quot;A String&quot;, # The Kubernetes namespace of the Pod.
      &quot;kubernetesServiceAccount&quot;: &quot;A String&quot;, # The Kubernetes service account of the Pod.
      &quot;podName&quot;: &quot;A String&quot;, # The name of the Pod.
      &quot;verdict&quot;: &quot;A String&quot;, # The result of evaluating this Pod.
    },
  ],
  &quot;verdict&quot;: &quot;A String&quot;, # The result of evaluating all Pods in the request.
}</pre>
</div>

</body></html>